[drupal-devel] simple and effective comment spam prevention exists and works

Harry Slaughter harry at slaughters.com
Sat Oct 1 07:15:19 UTC 2005

after reading this article:


i'm now using this rule in .htaccess (in rewrite block above the "?q" 
rewrite rule [which would override this rule]):

   # Try to prevent comment spam. Attempts to post comments are 403 if they
   # aren't coming from within site. This will prevent clients that 
don't send
   # referrer from posting comments, but I'm not aware of any modern 
browser that
   # does not send a referrer
   RewriteCond %{HTTP_REFERER} "!^http://(www.)?slaughters.com/.*$" [NC]
   RewriteCond %{THE_REQUEST}  "POST /comment/reply/.*"
   RewriteRule .* - [F]

i believe the domain name can be replaced with a var to make it generic. 
i'm just not sure if there are cases where a valid client does not send 
a referrer.

i switched from MT to Drupal largely because my site had become a spam 
repository. i know there are lots of modules that try to prevent spam, 
but i prefer simplicity where possible.

of course, it's probably only a matter of time until spammers spoof 
headers to circumvent this, but i'm sure it can be tweaked to keep up 
with the bastards.

anyway, this is the anti-spam approach i'm going to use for now. thought 
there might be more general interest in it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: harry.vcf
Type: text/x-vcard
Size: 255 bytes
Desc: not available
Url : http://drupal3.drupal.org/pipermail/development/attachments/20051001/17ddcd67/harry.vcf

More information about the drupal-devel mailing list